Revolutionizing Cybersecurity Search with Sysdig Sage™
Blog post from Sysdig
Sysdig Sage is an AI-based graph search assistant designed to enhance cybersecurity by simplifying how professionals interact with and extract insights from complex security data. It builds on Sysdig's AI capabilities, initially launched for cloud detection and response, by introducing a search engine that enables users to pose questions in natural language, which are translated into SysQL queries against a graph-based datastore. This assists security teams in exploring relationships, entities, and events without requiring knowledge of query syntax, thus accelerating workflows like incident response and policy validation.

SysQL, a proprietary query language, is tailored specifically for cybersecurity, allowing for efficient cloud and Kubernetes resource queries and security analysis. The system incorporates a fine-tuned large language model (LLM) that interprets user intent and generates structured queries, enhancing precision and relevance. Sysdig Sage's inference pipeline leverages both the LLM and a cybersecurity knowledge graph to handle complex queries and ensure accuracy through iterative refinement, making the tool robust, adaptable, and seamlessly integrated into Sysdig's platform.

This enables security teams to obtain actionable insights without needing to learn complex query languages, ultimately transforming how they approach cloud and Kubernetes resource inspection, vulnerability triage, and security posture monitoring.
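The pipeline described above (natural-language question, LLM-generated structured query, knowledge graph, iterative refinement) can be sketched in working code. The following is an added example and is not Sysdig's code: the post does not show SysQL syntax, so a small dict-based query form stands in for it; a scripted planner stands in for the fine-tuned LLM; and the schema, graph nodes and edges are constructed for illustration. The point it makes for a defender is that a generated query is validated against the graph schema before it is executed, and that validation errors are fed back to the planner as the refinement loop, so a hallucinated entity or relation never reaches the datastore.

```python
# Added example (not Sysdig's code). A toy natural-language-to-graph-query pipeline:
# plan -> validate against schema -> execute, with validator feedback driving refinement.
# SysQL syntax is not shown in the post, so a dict-based query form stands in for it,
# and scripted_planner stands in for the LLM. All schema and graph data is constructed.
from typing import Callable, Optional

# Constructed schema of a tiny cloud/Kubernetes knowledge graph.
RELATIONS = {                     # relation -> (source type, target type)
    "RUNS_IN": ("Pod", "Namespace"),
    "USES_IMAGE": ("Pod", "Image"),
    "HAS_VULN": ("Image", "Vulnerability"),
    "ASSUMES": ("Pod", "IAMRole"),
}
ATTRIBUTES = {                    # entity type -> attributes a query may filter on
    "Pod": {"name"}, "Namespace": {"name"}, "Image": {"name"},
    "Vulnerability": {"id", "severity"}, "IAMRole": {"name", "admin"},
}

# Constructed graph: node id -> properties (type included), plus directed edges.
NODES = {
    "pod-api":    {"type": "Pod", "name": "api"},
    "pod-batch":  {"type": "Pod", "name": "batch"},
    "ns-prod":    {"type": "Namespace", "name": "prod"},
    "img-api":    {"type": "Image", "name": "api:1.4"},
    "img-batch":  {"type": "Image", "name": "batch:0.9"},
    "vuln-1":     {"type": "Vulnerability", "id": "VULN-PLACEHOLDER-1", "severity": "Critical"},
    "vuln-2":     {"type": "Vulnerability", "id": "VULN-PLACEHOLDER-2", "severity": "Low"},
    "role-admin": {"type": "IAMRole", "name": "cluster-admin", "admin": True},
}
EDGES = [
    ("pod-api", "RUNS_IN", "ns-prod"), ("pod-batch", "RUNS_IN", "ns-prod"),
    ("pod-api", "USES_IMAGE", "img-api"), ("pod-batch", "USES_IMAGE", "img-batch"),
    ("img-api", "HAS_VULN", "vuln-1"), ("img-batch", "HAS_VULN", "vuln-2"),
    ("pod-batch", "ASSUMES", "role-admin"),
]


def validate(query: dict) -> Optional[str]:
    """Check a generated query against the schema before it touches the graph.
    Returns None when valid, otherwise a message to feed back to the planner."""
    start = query.get("start")
    if start not in ATTRIBUTES:
        return f"unknown entity type {start!r}; known: {sorted(ATTRIBUTES)}"
    current = start
    for rel in query.get("hops", []):
        if rel not in RELATIONS:
            return f"unknown relation {rel!r}; known: {sorted(RELATIONS)}"
        src, dst = RELATIONS[rel]
        if src != current:
            return f"relation {rel!r} starts at {src}, but the path is at {current}"
        current = dst
    for key in query.get("end_where", {}):
        if key not in ATTRIBUTES[current]:
            return f"{current} has no attribute {key!r}; known: {sorted(ATTRIBUTES[current])}"
    return None


def execute(query: dict) -> list[str]:
    """Return ids of start nodes from which the hop path reaches a node matching end_where."""
    assert validate(query) is None, "execute() must only see validated queries"
    frontier = {nid: {nid} for nid, props in NODES.items() if props["type"] == query["start"]}
    for rel in query.get("hops", []):          # advance every origin's reachable set one hop
        nxt: dict[str, set[str]] = {}
        for src, r, dst in EDGES:
            if r == rel:
                for origin, reach in frontier.items():
                    if src in reach:
                        nxt.setdefault(origin, set()).add(dst)
        frontier = nxt
    want = query.get("end_where", {})
    return sorted(o for o, reach in frontier.items()
                  if any(all(NODES[n].get(k) == v for k, v in want.items()) for n in reach))


def answer(question: str, planner: Callable[[str, Optional[str]], dict],
           max_rounds: int = 3) -> tuple[Optional[list[str]], list[str]]:
    """Iterative refinement: plan -> validate -> (feed the error back | execute)."""
    feedback, log = None, []
    for _ in range(max_rounds):
        query = planner(question, feedback)
        feedback = validate(query)
        log.append(feedback or "ok")
        if feedback is None:
            return execute(query), log
    return None, log                           # give up rather than run an unvalidated query


def scripted_planner(question: str, feedback: Optional[str]) -> dict:
    """Stand-in for the LLM (hypothetical): its first guess uses a relation name that is
    not in the schema; on feedback it corrects the hop to the real relation."""
    hops = ["USES_IMAGE", "HAS_VULN"] if feedback else ["USES_IMAGE", "HAS_CVE"]
    return {"start": "Pod", "hops": hops, "end_where": {"severity": "Critical"}}


if __name__ == "__main__":
    result, log = answer("Which pods run an image with a critical vulnerability?", scripted_planner)
    print(result, log)   # ['pod-api'] ["unknown relation 'HAS_CVE'; known: [...]", 'ok']
```

With a real LLM in place of `scripted_planner`, the loop shape stays the same: the model only ever sees schema-level error messages, and `execute()` refuses anything the validator has not passed, which keeps the generated query within the entity types, relations and attributes the graph actually has.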